Security Watch

Is China Spying on The UK?

Some believe the British Olympic canoeing team was a target of Chinese hackers. Plus: data center goes kablooey; Trojan nabs banking info; more

Accusations are flying around against the Chinese, who some believe have been trying to obtain performance data on the U.K. Olympic canoeing team. All this is based on the "fact" that attack attempts were traced back to IP addresses in Chinese address space. (Read the UPI story here.)

Both the assertion that the attacks were made by the Chinese and the belief that the criminals were trying to obtain performance data on the team are assumptions. But it's fashionable to say that Chinese hackers are trying to steal information these days, so the story reads as such. Why else would anyone hack the U.K. Olympic canoeing team's site? It's certainly not for the sake of getting another compromised server to abuse -- no, that couldn't be possible at all. Lest we all forget, one of the oldest "hacker" moves involves hopping through compromised servers in order to cover a criminal's tracks.

Guilty: CA Data Center Time Bomber
Lonnie Charles Denison, a 33-year-old contract Unix administrator in northern California, has pled guilty to attempted damage of an energy facility after hitting the "big switch" and shutting down a data center. It took some seven hours and 20 people to fully restore operation at the facility. Denison also sent an e-mail the day following the shutdown, claiming he planted a bomb. The actions were a result of his discovering that he'd been denied system access. (Read the story at The Register here.)

Firing someone is more complex than many realize, and timing is -- as this story points out clearly -- very important. Get the employee away from systems, then revoke access, and only then escort that person out of the facility. Never fire anyone until you're certain you know all of the access methods possible and, even then, you should also have complete control over those methods.

Making Bank Transfers with Trojans
According to this ComputerWorld report, a group of criminals has crafted a Trojan that attempts to mimic the steps a human would take to transfer funds from a commercial bank account to accounts controlled by the criminals. The Trojan is offered to individuals culled from earlier phishing attempts and, in particular, those individuals who have been identified as having a commercial account. The group sent e-mails specific to the banks of those in this smaller group of potential victims, in an attempt to get the new Trojan installed. The new Trojan waits for the victim to connect to his or her bank site, and then automates tasks the victim might perform while on the site.

Clearly the criminals are aware of some of the anti-fraud measures in place at some banks and are modifying their Trojan so that it actually avoids alerting everyone on the list. Even with this new approach and its ability to avoid some anti-fraud measures, the Trojan relies first and foremost upon victims falling for the phishing attempt that installs it. It's amazingly simple to teach people how to avoid phishing. If you ever receive an e-mail that tries to inform you of any sort of problem or issue related to your relationship with the sender, just ignore it. If there truly is an issue, you'll get a phone call!

Hackers Harvest Data from Facebook
Facebook has named the individuals it cited in a lawsuit filed in June 2007, in which three individuals and a company, Slickcash.com, have been accused of unlawfully accessing Facebook servers in an attempt to harvest information from Facebook user profiles. The article from TechNewsWorld.com makes no mention of what the hackers hoped to achieve by such harvesting.

It should be made clear to everyone that data stored on such sites is not only potentially dangerous, but could also haunt individuals for many years to come. Likes, dislikes, quirks and off-the-top-of-the-head feelings are often posted hourly. All of this information is eventually cached and stored and may be perused for who knows what reasons for who knows how long ... it's best to assume that all that data will live forever somewhere on the Internet. Be it stalking or merely an effort to create a clearer picture for a human resources person who's thinking about hiring you, the information may be more than you ever imagined others might have read.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
